Red Hat Product Errata RHSA-2026:14873 - Security Advisory
Issued:
2026-05-07
Updated:
2026-05-07

RHSA-2026:14873 - Security Advisory

Synopsis

Important: Satellite 6.17.8 Async Update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

A new release is now available for Red Hat Satellite 6.17 for RHEL 9.

Description

Red Hat Satellite is a system management solution that allows organizations
to configure and maintain their systems without the necessity to provide
public Internet access to their servers or other client systems. It
performs provisioning and configuration management of predefined standard
operating environments.

Security Fix(es):

  • python-pillow: Pillow: Out-of-bounds Write via Specially Crafted PSD Image (CVE-2026-25990)
  • candlepin: mchange-commons-java: Arbitrary code execution via JNDI dereferencing of crafted objects (CVE-2026-27727)
  • python-markdown: denial of service via malformed HTML-like sequences (CVE-2025-69534)
  • python-pyOpenSSL: DTLS cookie callback buffer overflow (CVE-2026-27459)
  • rubygem-activesupport: Active Support: Denial of Service via large scientific notation strings (CVE-2026-33176)

Bug Fix(es):

  • Satellite manifest consumer profile cert and key found in satellite client rhsm cache (SAT-43920)
  • All communication should happen only over https during global registration execution (SAT-43921)
  • Impossible to generate registration command via REST API in isolated networks managed by external capsules (SAT-43922)
  • Errata applicability and Refresh applicability tasks for RHEL 7 hosts runs dnf command. (SAT-43923)
  • BIOS info is not populated in All hosts page and in Host Details tab (SAT-43925)
  • Executing the 'katello::clean_backend_objects' rake task takes a long time to complete (SAT-43926)
  • Puppet fact parser can't create OS entry blocking Satellite leapp upgrades (SAT-43928)
  • No repositories available through subscriptions on a cloud-instance host after registering it to Red Hat Satellite using global registration method (SAT-43929)
  • Proxy password shown in clear text in the Overview page of Virt-who Configuration (SAT-43931)
  • Non-admin users on Satellite with viewer role, unable to see the hostgroup. (SAT-44039)

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For detailed instructions how to apply this update, refer to:

https://docs.redhat.com/en/documentation/red_hat_satellite/6.17/html/updating_red_hat_satellite/index

Affected Products

  • Red Hat Satellite 6.17 x86_64
  • Red Hat Satellite Capsule 6.17 x86_64
  • Red Hat Enterprise Linux for x86_64 9 x86_64

Fixes

  • BZ - 2439170 - CVE-2026-25990 pillow: Pillow: Out-of-bounds Write via Specially Crafted PSD Image
  • BZ - 2442671 - CVE-2026-27727 com.mchange/mchange-commons-java: mchange-commons-java: Arbitrary code execution via JNDI dereferencing of crafted objects
  • BZ - 2444839 - CVE-2025-69534 python-markdown: denial of service via malformed HTML-like sequences
  • BZ - 2448503 - CVE-2026-27459 pyOpenSSL: DTLS cookie callback buffer overflow
  • BZ - 2450551 - CVE-2026-33176 Rails: Active Support: Active Support: Denial of Service via large scientific notation strings
  • SAT-43920 - Satellite manifest consumer profile cert and key found in satellite client rhsm cache [rhn_satellite_6.17]
  • SAT-43921 - All communication should happen only over https during global registration execution [rhn_satellite_6.17]
  • SAT-43922 - Impossible to generate registration command via REST API in isolated networks managed by external capsules [rhn_satellite_6.17]
  • SAT-43923 - Errata applicability and Refresh applicability tasks for RHEL 7 hosts runs dnf command. [rhn_satellite_6.17]
  • SAT-43925 - BIOS info is not populated in All hosts page and in Host Details tab [rhn_satellite_6.17]
  • SAT-43926 - Executing the 'katello::clean_backend_objects' rake task takes a long time to complete [rhn_satellite_6.17]
  • SAT-43928 - Puppet fact parser can't create OS entry blocking Satellite leapp upgrades [rhn_satellite_6.17]
  • SAT-43929 - No repositories available through subscriptions on a cloud-instance host after registering it to Red Hat Satellite using global registration method [rhn_satellite_6.17]
  • SAT-43931 - Proxy password shown in clear text in the Overview page of Virt-who Configuration [rhn_satellite_6.17]
  • SAT-44039 - Non-admin users on Satellite with viewer role, unable to see the hostgroup. [rhn_satellite_6.17]

Red Hat Satellite 6.17

SRPM
candlepin-4.4.25-1.el9sat.src.rpm SHA-256: b1b0734046a2a0f693c1bf507e1519e557a3c7f3094732c2fb74c76fb8c5c7de
foreman-3.14.0.16-1.el9sat.src.rpm SHA-256: 5bdfd35e40d7c13c8a34364f4153520e6a725cc1ec5ceb84bd8e49fc05eb5acd
foreman-installer-3.14.0.10-1.el9sat.src.rpm SHA-256: 3670cd299b31cc28faf611853faa4d6b7412bf34eac84c306b9465d6cd9db16d
python-markdown-3.8.2-1.el9pc.src.rpm SHA-256: 24c9da3f21fa9428de77369feb9ea721d953ee17efe8defa55212f3951fd0452
python-pillow-12.1.1-1.el9pc.src.rpm SHA-256: 08ead7576f56584b606da07aff93ba951a49ecf4cfaf7b3d165db93810b7be18
python-pulp-ansible-0.22.4-2.el9pc.src.rpm SHA-256: bd21014e2c131e643282e71a1399c64a6c23713a9b5423bec1ba09876df695c5
python-pyOpenSSL-25.1.0-0.3.el9pc.src.rpm SHA-256: df3c688c05574c8fb8bc5049f74ade70bd0440d1a98019846ea5eb2c02822b9c
rubygem-activesupport-7.0.8.7-2.el9sat.src.rpm SHA-256: c16e5e04d10682363bddea507e852141d100b29ef83fe808b6b8cf817e84d04c
rubygem-foreman_virt_who_configure-0.5.26-2.el9sat.src.rpm SHA-256: ef946a08d9222f25275a7ba532ae6b3c5024932cbb22b842070184d09615fcec
rubygem-katello-4.16.0.15-1.el9sat.src.rpm SHA-256: a73d41e970f11832ac5fc8ff096419da040d4f2feabc59851700278ac9f01ecf
satellite-6.17.8-1.el9sat.src.rpm SHA-256: 735bb1898b117c0118c08be245bdf4e7f108940ccd7aff12f70cb5fee182f48d
x86_64
candlepin-4.4.25-1.el9sat.noarch.rpm SHA-256: 0c5f146c1c65aab901512c18768b5362024456d126ee1807eac2ad5500b3a441
candlepin-selinux-4.4.25-1.el9sat.noarch.rpm SHA-256: b68d8e0d660fe619bdab1c3b7e94580397f0817a9d69ae989b5fa88de09c8a4c
foreman-3.14.0.16-1.el9sat.noarch.rpm SHA-256: d67252d0ca008e843ea3a101a32216c44ca617d5b2e01d6046eedb6ef0433d8b
foreman-cli-3.14.0.16-1.el9sat.noarch.rpm SHA-256: 0a4fd8dea34bb6a717cb2ba04612711cf02f74e57f7c24d96892fdd2570a05a8
foreman-debug-3.14.0.16-1.el9sat.noarch.rpm SHA-256: 74c17c6433af15e4da88ad7965a3ea41905b6c556883af8f4d5fd3e131b84693
foreman-dynflow-sidekiq-3.14.0.16-1.el9sat.noarch.rpm SHA-256: 2a2d0a7cd9ebc81d75673a4fddeab1afd84bea71ce1de2be76310c49a34ef47e
foreman-ec2-3.14.0.16-1.el9sat.noarch.rpm SHA-256: d0ce57e336889f652135aecbcff8efffef6329d9d824fd1d2f971eab7d79face
foreman-installer-3.14.0.10-1.el9sat.noarch.rpm SHA-256: 395a13ffec48b692aa9b0133c8e31131e7bc01b3a8a940bbc06c344bd0ca37db
foreman-installer-katello-3.14.0.10-1.el9sat.noarch.rpm SHA-256: 20b0c8980d16667c91aa1c16341210cfa4afddb97aa6da6b4d246991119018d8
foreman-journald-3.14.0.16-1.el9sat.noarch.rpm SHA-256: dfce1d782abe1a07858c75a03cd918dde35a5b651e19b01451c475c6ee30ba6c
foreman-libvirt-3.14.0.16-1.el9sat.noarch.rpm SHA-256: 5a575a2f74d62fc37268e7f3be6e7dff2c12b97fb7b425a4b0a550e33c353026
foreman-openstack-3.14.0.16-1.el9sat.noarch.rpm SHA-256: 80527ef6bb046e9181788fb85dbb7685d0622e1ca0bcc493f65bfcceca88e70b
foreman-ovirt-3.14.0.16-1.el9sat.noarch.rpm SHA-256: e8b1ba89657265f926106dabc6487e73bdfa6948c81b96c1c896985e1134e620
foreman-pcp-3.14.0.16-1.el9sat.noarch.rpm SHA-256: e331ae981da7c4f84eed3886d8e8f8dd3c4b60ae6406a8bc37e57dffbaa5498f
foreman-postgresql-3.14.0.16-1.el9sat.noarch.rpm SHA-256: 81a372adc197e0761e283fc7ba0d4b921d3a8d88d19bc2c709339fe132baba36
foreman-redis-3.14.0.16-1.el9sat.noarch.rpm SHA-256: 56facf4c5b7f167f10766ebc112a2b24ca8c52373d76d843077767bd621c45a5
foreman-service-3.14.0.16-1.el9sat.noarch.rpm SHA-256: 7cbab0b5a43273cea0aeb908bfc29509e0c0e1a6c2260a9a8e13d70710899c72
foreman-telemetry-3.14.0.16-1.el9sat.noarch.rpm SHA-256: fecada14df427532080ff5e89a5d904bfb2add742ee81e9d472269c1082b6723
foreman-vmware-3.14.0.16-1.el9sat.noarch.rpm SHA-256: 9369c4d55146cda928e8c2b31ca422635908456a29dce4cfbf39b59198f0aa04
python-pillow-debugsource-12.1.1-1.el9pc.x86_64.rpm SHA-256: 60874d72ca7854fcccc273c6e1a425494dc991695b8d3c13c0893b8037ccc8a6
python3.11-markdown-3.8.2-1.el9pc.noarch.rpm SHA-256: 1533d837c2bad728ac64da2bf4ba9895f4e7e45e246d410bf6a3617ddb530cb6
python3.11-pillow-12.1.1-1.el9pc.x86_64.rpm SHA-256: 48ce9ec8bec986fe1e2e7695a7c3cde1abd60185e3e814ed0859baf588fde947
python3.11-pillow-debuginfo-12.1.1-1.el9pc.x86_64.rpm SHA-256: f035919b59e4d27f0420dd53f07ea160b746150917d05cc5ce78f05d051c5011
python3.11-pulp-ansible-0.22.4-2.el9pc.noarch.rpm SHA-256: 9df6c882b8e58ecb9c1e5d8190aef2daefc873d808a0eb22fee5a1623c1fd678
python3.11-pyOpenSSL-25.1.0-0.3.el9pc.noarch.rpm SHA-256: 01a11b898f7d22f1679ab9f2832b19ec4727d5a13f3a606c4cb3d45a25e7b8b8
rubygem-activesupport-7.0.8.7-2.el9sat.noarch.rpm SHA-256: 87c649ce1e8f0bb217b9b7aad15630502e0a8d0956e0d2961156f9afa01f9d3e
rubygem-foreman_virt_who_configure-0.5.26-2.el9sat.noarch.rpm SHA-256: 1fa787682ffce433fd4a4f691dee785a93edcaef42fe17f208ee7ebdb3fb5782
rubygem-katello-4.16.0.15-1.el9sat.noarch.rpm SHA-256: 0a9c7bfafc2dff149a8284763d6fd42eaacd928c71311224804afffe99aa4593
satellite-6.17.8-1.el9sat.noarch.rpm SHA-256: 82108ebb28f3b61df335b42eb983250f05efd2415a48669deaea5b38a48967c6
satellite-cli-6.17.8-1.el9sat.noarch.rpm SHA-256: 801d1089a061e141e6df0d6ddbe756eb624bdc801d76156377b15c6f71405251
satellite-common-6.17.8-1.el9sat.noarch.rpm SHA-256: b44ecb8ecec5d8fd34a7f3d2d7c654cfda7f8ee4fd0ca6b696f8a9c4eee8db9f
satellite-obsolete-packages-6.17.8-1.el9sat.noarch.rpm SHA-256: d1a9959dc4fe6dc67689d75c6a4e243fe08e0dfaeaec0809a74975fc9121c284

Red Hat Satellite Capsule 6.17

SRPM
foreman-3.14.0.16-1.el9sat.src.rpm SHA-256: 5bdfd35e40d7c13c8a34364f4153520e6a725cc1ec5ceb84bd8e49fc05eb5acd
foreman-installer-3.14.0.10-1.el9sat.src.rpm SHA-256: 3670cd299b31cc28faf611853faa4d6b7412bf34eac84c306b9465d6cd9db16d
python-markdown-3.8.2-1.el9pc.src.rpm SHA-256: 24c9da3f21fa9428de77369feb9ea721d953ee17efe8defa55212f3951fd0452
python-pillow-12.1.1-1.el9pc.src.rpm SHA-256: 08ead7576f56584b606da07aff93ba951a49ecf4cfaf7b3d165db93810b7be18
python-pulp-ansible-0.22.4-2.el9pc.src.rpm SHA-256: bd21014e2c131e643282e71a1399c64a6c23713a9b5423bec1ba09876df695c5
python-pyOpenSSL-25.1.0-0.3.el9pc.src.rpm SHA-256: df3c688c05574c8fb8bc5049f74ade70bd0440d1a98019846ea5eb2c02822b9c
rubygem-activesupport-7.0.8.7-2.el9sat.src.rpm SHA-256: c16e5e04d10682363bddea507e852141d100b29ef83fe808b6b8cf817e84d04c
satellite-6.17.8-1.el9sat.src.rpm SHA-256: 735bb1898b117c0118c08be245bdf4e7f108940ccd7aff12f70cb5fee182f48d
x86_64
foreman-debug-3.14.0.16-1.el9sat.noarch.rpm SHA-256: 74c17c6433af15e4da88ad7965a3ea41905b6c556883af8f4d5fd3e131b84693
foreman-installer-3.14.0.10-1.el9sat.noarch.rpm SHA-256: 395a13ffec48b692aa9b0133c8e31131e7bc01b3a8a940bbc06c344bd0ca37db
foreman-installer-katello-3.14.0.10-1.el9sat.noarch.rpm SHA-256: 20b0c8980d16667c91aa1c16341210cfa4afddb97aa6da6b4d246991119018d8
foreman-pcp-3.14.0.16-1.el9sat.noarch.rpm SHA-256: e331ae981da7c4f84eed3886d8e8f8dd3c4b60ae6406a8bc37e57dffbaa5498f
python-pillow-debugsource-12.1.1-1.el9pc.x86_64.rpm SHA-256: 60874d72ca7854fcccc273c6e1a425494dc991695b8d3c13c0893b8037ccc8a6
python3.11-markdown-3.8.2-1.el9pc.noarch.rpm SHA-256: 1533d837c2bad728ac64da2bf4ba9895f4e7e45e246d410bf6a3617ddb530cb6
python3.11-pillow-12.1.1-1.el9pc.x86_64.rpm SHA-256: 48ce9ec8bec986fe1e2e7695a7c3cde1abd60185e3e814ed0859baf588fde947
python3.11-pillow-debuginfo-12.1.1-1.el9pc.x86_64.rpm SHA-256: f035919b59e4d27f0420dd53f07ea160b746150917d05cc5ce78f05d051c5011
python3.11-pulp-ansible-0.22.4-2.el9pc.noarch.rpm SHA-256: 9df6c882b8e58ecb9c1e5d8190aef2daefc873d808a0eb22fee5a1623c1fd678
python3.11-pyOpenSSL-25.1.0-0.3.el9pc.noarch.rpm SHA-256: 01a11b898f7d22f1679ab9f2832b19ec4727d5a13f3a606c4cb3d45a25e7b8b8
rubygem-activesupport-7.0.8.7-2.el9sat.noarch.rpm SHA-256: 87c649ce1e8f0bb217b9b7aad15630502e0a8d0956e0d2961156f9afa01f9d3e
satellite-capsule-6.17.8-1.el9sat.noarch.rpm SHA-256: b5738efed4ef60499fd9138194843140337d31b39199e5bbecba94e2d41b485f
satellite-common-6.17.8-1.el9sat.noarch.rpm SHA-256: b44ecb8ecec5d8fd34a7f3d2d7c654cfda7f8ee4fd0ca6b696f8a9c4eee8db9f
satellite-obsolete-packages-6.17.8-1.el9sat.noarch.rpm SHA-256: d1a9959dc4fe6dc67689d75c6a4e243fe08e0dfaeaec0809a74975fc9121c284

Red Hat Enterprise Linux for x86_64 9

SRPM
foreman-3.14.0.16-1.el9sat.src.rpm SHA-256: 5bdfd35e40d7c13c8a34364f4153520e6a725cc1ec5ceb84bd8e49fc05eb5acd
satellite-6.17.8-1.el9sat.src.rpm SHA-256: 735bb1898b117c0118c08be245bdf4e7f108940ccd7aff12f70cb5fee182f48d
x86_64
foreman-cli-3.14.0.16-1.el9sat.noarch.rpm SHA-256: 0a4fd8dea34bb6a717cb2ba04612711cf02f74e57f7c24d96892fdd2570a05a8
satellite-cli-6.17.8-1.el9sat.noarch.rpm SHA-256: 801d1089a061e141e6df0d6ddbe756eb624bdc801d76156377b15c6f71405251

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.